Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

DirtyClone, tracked as CVE-2026-43503, is a Linux kernel vulnerability that allows any local user to gain root privileges.

Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub repositories.

AI can be used to prevent cybersecurity threats linked to ransomware, says University of Cincinnati researcher Nelly Elsayed.

Researchers from Zscaler found a new malware campaign dubbed Edgecution.

On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that ...

Credential theft fell to 13% of breach vectors in 2026. Attackers now bypass MFA via help desk resets and OAuth token theft. Five attack surfaces mapped.

Code hosting platform GitHub disclosed that it suffered a data breach last week as part of a software supply chain attack carried out by hackers. The attack was traced back to a GitHub developer, who ...

The post Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign appeared first on Tenable Blog. A self-propagating worm has compromised more than 170 npm and ...

CISA is warning that a newly-disclosed Linux kernel bug dubbed "CopyFail" is already being exploited, just days after researchers dropped a working root-level exploit. Tracked as CVE-2026-31431, the ...

Detection, mitigation, and reverse-engineering tooling for CVE-2026-41940 (SessionScribe): the cPanel/WHM unauthenticated session-forgery vulnerability disclosed 2026-04-28. Defense-in-depth active ...